
A Fuzzy Hierarchical Comprehensive Assessment Model for Network Security Risk (cited by: 36)

The Model of Network Security Risk Assess Based on Fuzzy Algorithm and Hierarchy
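Abstract: Network security risk assessment involves many human factors, and its indicators are hard to quantify. To address this, the paper analyzes the elements of network security, applies fuzzy mathematics to network security risk assessment, and combines it with the analytic hierarchy process to build a fuzzy hierarchical comprehensive assessment model of network security risk. The model first establishes a logical three-level network hierarchy: the service layer, the host layer and the network layer. At the service layer, the asset, threat and vulnerability factors are quantified to obtain their respective risk values, and the fuzzy evaluation method is then used to compute the risk index of each layer, level by level. Tests on experimental data show that evaluating the security elements hierarchically from the bottom up across the three layers, with a local-then-global assessment strategy, gives an intuitive picture of the system's security situation and accurately assesses the security status of the network system at all three levels.

Abstract (English, as published): Aiming at the weakness of being unable to provide numerical value of risk and avoid jamming encountered in the current security evaluation system, this paper presents a quantitative model of a network security risk assessment system, which is based on fuzzy algorithm and hierarchy. This model first establishes a logical hierarchy of the network, viz. service, host and whole network system, and calculates the risk value of each service by putting forward the corresponding computation methods for asset, threat and vulnerability, then adopts a fuzzy algorithm to derive the risk value of every layer. This model evaluates security factors from bottom to top and gives an intuitive view of the security situation from local to global. The experiments on the historical dataset show that applying this model can accurately describe network security status in three hierarchies.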
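Source: Journal of Wuhan University (Natural Science Edition), 2006, No. 5, pp. 622-626 (5 pages). Indexed in: CAS, CSCD, Peking University Core Journals.
Funding: Supported by the National Natural Science Foundation of China (60473093), the Open Fund of the State Key Laboratory of Information Security (02-04), and the Youth Research Fund of China University of Mining and Technology (OD4550).
Keywords: risk assessment; threat; vulnerability; asset; fuzzy; hierarchy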
